what is a console session login in windows xp

Logged in to XP Pro sp3, using the task manager, under the users tab, I see myself and session is listed as "console"

I have looked at some friends machines and their session info is blank. I've googled this and can find nothing. What is a console session? Should i be concerned?

Thanks...

 

Hello, cipher:wave I also have Windows XP SP3, and only show myself in the user tab of the Task Manager.

May I ask, why did you log in there? Are there others that use the machine?

 

I don't know what you mean by "why did you log in there" I am the only user account on this machine, admin priviliges, connecting to the net by cable modem. I have a firewall, ZA, and a good suite of Major Geek approved protection software. I was looking in the task manager for clues as to Firefox hanging up quite often, and just clicked on the users tab out of curiosity. Being the only user, I do not need to select a user or input a password when I start the machine.

I have no idea what this is about. On my Mac, the console is for doing admin work, never really heard of it on a windows home box...

Thanks...

 

Hi Cipher, I was referring to this:

So sorry if I misunderstood, :-o but you can disconnect or log on from there. I thought that is what you said. I haven't seen anything but myself in mine. I don't think the task manager will show much for why FF is freezing tho.

Have you tried to clear the cache, lately? Might help

 

Yes, I clear the cache every few days. The firefox problem seems to be without solution, many frustrated users out there, but that is another story. I was in the task manager looking at running processes, and apps, seeing where my memory was been used, etc.

I just stumbled upon the user tab and saw that i was logged on as me, but in a console session. The session column is blank for other folks I know. I do not log on thru the task manager. Like I said, i am the only user account on the machine, guest is disabled...

I hit the power button and the box starts up each day and brings me to the desktop without selecting a user or inputing a password. As it should be.

Here's a screenshot of what I see:

http://i46.tinypic.com/2yuacdy.jpg

Thanks for your time...

 

Well, Cipher, that is definitely weird, because after looking at your screenshot, I now understand what you are talking about. I don't have a "session" in mine :

User - ID - Status - Client Name

That is it.. Have you clicked help, to see if you can get some info on that sessions ? :confused

 

I get this:

Users fields overviewUser fields overview

Each field on the Users tab is described below. Click one of the following for more information:
User
Displays the users logged onto this computer.


ID
Displays the numeric ID that identifies the session on the computer.


Status
Displays the current status of a session. Possible session statuses in Task Manager include Active and Discconnected.


Client Name
Specifies the name of the client computer using the session, if applicable.


Session
Displays the session names on this computer.

 

Hmm, never noticed that before, mine shows me as in a console session as well. Subscribed to the thread to see the replies.

 

I don't know what a console session is but my task manager looks just like yours. I'm not worried about it.

 

I found a few articles mentioning Remote Desktop. I have that disabled, so that's not it...

Very puzzling...

 

Well I have to say, 2 Major Geeks unconcerned about it makes me feel MUCH better. Thanks folks...

 

Mine is the same as well on Win7RC :wave

 

There ya go, I think it is pretty safe...

 

No it is definitely not.
As being blackhat myself, I inform you of the following:

by spoofing one's MAC using simple binary executables like Softperfect NS for example,
one can easily connect to a local IP's console session and therefore shadow the session.
Targets will see nothing unusual in the Windows Task manager, just the single console session.
Per terminal an rogue Remote Desktop Connection is easily made.

And that's only the binary-side of the story,
Using Operating systems like BT5.1 or LRH one can even connect to external IP's and perform elevated administrative tasks.
A random IP range is easily scanned for targets vulnerable to this method.
Even in the new Windows 8 these problems are yet to be resolved.

If you want to be "save" (better said: untargetable using this method)
Go to:

START - RUN
type: services.msc

Disable the following services:

Terminal Services
Secondary Logon (not in Win7)
Remote Desktop
Remote Registry
Routing and remote access​

Secondly, uninstall the remote desktop service

C:\WINDOWS\$NtUninstallKB925876$​

to instantly degrate your admin/root vulnerability level by at leat 15-20%

This is, of course, only when you do not need to remotely access your desktop.
If you do, lookup the appropriate security measure's at a site like remote exploits and apply them accordingly.

After this, check the task manager again and the console session should be gone.


Regards,

P4S5a.

 

Take it up to full screen - then you will see the Session column.

Mine is exactly the same as Cipher's - Console. It's normal.

 

And to add to this, I had and have all the remote services mentioned above stopped and disabled. Those are on my checklist of things to check on any install. In the 3 years since my post, nothing bad has happened, so I'm sticking with "No big deal" on this console thing...

 

Yes it is an default occurrence when installing the Remote Desktop Connection Update. But also a well known known vulnerability among penntesters.
Did not mean to bump an old thread, just stumbled upon it.


Regards,

P4S5a.

 

Well, one can disable all the remote services they want,
but by linking one's logon session to the local subnet
(what a console session essentially is) you annihilate
the whole purpose of disabling the remote services in the
first place for the reasons I mentioned earlier.

By no means I mean to argue,
and if you're fine with the setup you are used to - by all means stick to it.

I agree you are right you have no reason to worry,
but I don't think anyone can argue the fact one should
not be logged on per console session - and certainly not by default -
when only using the machine locally.

Furthermore, once a vulnerable client is targeted,
the victim should not expect a popup stating "You are hacked".
Reality: Internet traffic is routed to "study groups" and analyzed for useable data.
The days computers run slow when targeted are well gone.
Stealth use of your bandwidth for certain purpose only resumes when the connection is idle.
Rogue access points can nowadays be deployed within your local 802x environment without anyone realizing it.
To be short - the blackhat rooting your box would not be doing a good yob if you immediately realize "something bad is happening" , now would he?

Regards,

 

This is why I don't allow Windows boxes to connect to the Internet anymore. My Linux boxes do that work.